Michael,
I generated such certificate.
here is my console trace:
-bash-2.05b# openssl req -x509 -newkey rsa:1024 -sha1 -keyout test.key
-out test.pem -nodes
Generating a 1024 bit RSA private key
.++++++
........................................................................
.....++++++
writing new private key to 'test.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CZ
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test Org
Organizational Unit Name (eg, section) []:CA
Common Name (eg, your name or your server's hostname)
[]:testuser+serialNumber=1001
Email Address []:[EMAIL PROTECTED]
-bash-2.05b# openssl x509 -in test.pem -noout -text -nameopt RFC2253
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer:
[EMAIL PROTECTED],CN=testuser\+serialNumber=1001,OU=CA,O
=Test Org,C=CZ
Validity
Not Before: Nov 24 17:06:21 2003 GMT
Not After : Dec 24 17:06:21 2003 GMT
Subject:
[EMAIL PROTECTED],CN=testuser\+serialNumber=1001,OU=CA,O
=Test Org,C=CZ
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
...etc.
I just created a selfsigned crt, but I hope, when I'll have a request
and try to sign it with a CA key, it could be the same.
Zdenek
> -----Original Message-----
> From: Michael Bell [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 24, 2003 4:30 PM
> To: [EMAIL PROTECTED]
> Cc: Grich, Ondrej
> Subject: Re: [Openca-Users] serialNumber in DN
>
>
> Michael Bell wrote:
>
> >> Second problem is, openca constructs DN this way:
> >> serialNumber=anyvalue,cn=John Doe, ou=certreq group,basedn
> >>
> >> Is there any possibility to have DN of following syntax?
> >> serialNumber=anyvalue+cn=John Doe, ou=certreq group,basedn
> >>
> >> If I understand, RFC2253 allow this syntax, but not openca.
> >
> > This is correct RFC2253 support such DNs. OpenCA 0.9.x
> should support
> > these DNs too (at minimum 0.9.2 aka CVS HEAD will do it). The major
> > problem is our LDAP support. I will start testing it but
> this takes two
> > or three days.
>
> Mmh, perhaps I was too fast. Until now I'm not able to create such
> certificates with OpenSSL. I checked the sourcecode of OpenSSL and it
> looks like they always interpret a subject as a liniear sequence.
>
> Michael
> --
> -------------------------------------------------------------------
> Michael Bell Email: [EMAIL PROTECTED]
> ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
> (Computing Centre) Fax: +49 (0)30-2093 2704
> Humboldt-University of Berlin
> Unter den Linden 6
> 10099 Berlin Email (private): [EMAIL PROTECTED]
> Germany http://www.openca.org
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive? Does it
> help you create better code? SHARE THE LOVE, and help us
> help YOU! Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-users
>
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
